function ContactPageAccess::access

Same name and namespace in other branches
  1. 9 core/modules/contact/src/Access/ContactPageAccess.php \Drupal\contact\Access\ContactPageAccess::access()
  2. 8.9.x core/modules/contact/src/Access/ContactPageAccess.php \Drupal\contact\Access\ContactPageAccess::access()
  3. 10 core/modules/contact/src/Access/ContactPageAccess.php \Drupal\contact\Access\ContactPageAccess::access()

Checks access to the given user's contact page.

Parameters

\Drupal\user\UserInterface $user: The user being contacted.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

core/modules/contact/src/Access/ContactPageAccess.php, line 55

Class

ContactPageAccess
Access check for contact_personal_page route.

Namespace

Drupal\contact\Access

Code

public function access(UserInterface $user, AccountInterface $account) {
    $contact_account = $user;
    // Anonymous users cannot have contact forms.
    if ($contact_account->isAnonymous()) {
        return AccessResult::forbidden();
    }
    // Users may not contact themselves by default, hence this requires user
    // granularity for caching.
    $access = AccessResult::neutral()->cachePerUser();
    if ($account->id() == $contact_account->id()) {
        return $access;
    }
    // User administrators should always have access to personal contact forms.
    $permission_access = AccessResult::allowedIfHasPermission($account, 'administer users');
    if ($permission_access->isAllowed()) {
        return $access->orIf($permission_access);
    }
    // If requested user has been blocked, do not allow users to contact them.
    $access->addCacheableDependency($contact_account);
    if ($contact_account->isBlocked()) {
        return $access;
    }
    // Forbid access if the requested user has disabled their contact form.
    $account_data = $this->userData
        ->get('contact', $contact_account->id(), 'enabled');
    if (isset($account_data) && !$account_data) {
        return $access;
    }
    // If the requested user did not save a preference yet, deny access if the
    // configured default is disabled.
    $contact_settings = $this->configFactory
        ->get('contact.settings');
    $access->addCacheableDependency($contact_settings);
    if (!isset($account_data) && !$contact_settings->get('user_default_enabled')) {
        return $access;
    }
    return $access->orIf(AccessResult::allowedIfHasPermission($account, 'access user contact forms'));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.